byterover-cli 0.1.0

package/dist/infra/auth/oauth-service.d.ts

@@ -0,0 +1,49 @@
+import { OAuthConfig } from '../../config/auth.config.js';
+import { OAuthTokenData } from '../../core/domain/entities/oauth-token-data.js';
+import { AuthorizationContext, IAuthService } from '../../core/interfaces/i-auth-service.js';
+/**
+ * OAuth service implementation for handling OAuth authentication flows.
+ */
+export declare class OAuthService implements IAuthService {
+    private readonly config;
+    private readonly verifierStore;
+    constructor(config: OAuthConfig);
+    /**
+     * Exchanges an authorization code for OAuth token data.
+     * @param code The authorization code received from the authorization server.
+     * @param context The authorization context from initiateAuthorization (contains state for verifier lookup).
+     * @param redirectUri The redirect URI used in the authorization request (must match for OAuth 2.0 compliance).
+     * @returns The OAuth token data with refresh token and expiration (without user information).
+     */
+    exchangeCodeForToken(code: string, context: AuthorizationContext, redirectUri: string): Promise<OAuthTokenData>;
+    /**
+     * Initiates the authorization flow by generating PKCE parameters and building the authorization URL.
+     * The code_verifier is generated and stored internally by the service.
+     * @param redirectUri The redirect URI where authorization codes will be received.
+     * @returns Authorization context containing the URL and state for CSRF protection.
+     */
+    initiateAuthorization(redirectUri: string): AuthorizationContext;
+    refreshToken(refreshToken: string): Promise<OAuthTokenData>;
+    /**
+     * Generates a code challenge from a code verifier using SHA-256 and base64url encoding.
+     * @param codeVerifier The code verifier.
+     * @returns The code challenge.
+     */
+    private generateCodeChallenge;
+    /**
+     * Generates a cryptographically secure code verifier for PKCE.
+     * @returns A random code verifier string.
+     */
+    private generateCodeVerifier;
+    /**
+     * Generates a cryptographically secure state parameter for CSRF protection.
+     * @returns A random state string.
+     */
+    private generateState;
+    /**
+     * Parses the token response from the OAuth server.
+     * @param data The response data from the OAuth server.
+     * @returns The parsed OAuthTokenData (without user information).
+     */
+    private parseTokenResponse;
+}

package/dist/infra/auth/oauth-service.js

@@ -0,0 +1,126 @@
+/* eslint-disable camelcase */
+import axios, { isAxiosError } from 'axios';
+import crypto from 'node:crypto';
+import { OAuthTokenData } from '../../core/domain/entities/oauth-token-data.js';
+import { AuthenticationError } from '../../core/domain/errors/auth-error.js';
+/**
+ * OAuth service implementation for handling OAuth authentication flows.
+ */
+export class OAuthService {
+    config;
+    verifierStore = new Map();
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Exchanges an authorization code for OAuth token data.
+     * @param code The authorization code received from the authorization server.
+     * @param context The authorization context from initiateAuthorization (contains state for verifier lookup).
+     * @param redirectUri The redirect URI used in the authorization request (must match for OAuth 2.0 compliance).
+     * @returns The OAuth token data with refresh token and expiration (without user information).
+     */
+    async exchangeCodeForToken(code, context, redirectUri) {
+        // Retrieve the code_verifier using the state from the context
+        const codeVerifier = this.verifierStore.get(context.state);
+        if (!codeVerifier) {
+            throw new AuthenticationError('Invalid authorization context: code_verifier not found. Context may be from a different service instance or already used.', 'invalid_context');
+        }
+        // Remove the code_verifier from the store (single-use)
+        this.verifierStore.delete(context.state);
+        try {
+            const response = await axios.post(this.config.tokenUrl, {
+                client_id: this.config.clientId,
+                // client_secret is undefined for public clients using PKCE.
+                client_secret: this.config.clientSecret,
+                code,
+                code_verifier: codeVerifier,
+                grant_type: 'authorization_code',
+                redirect_uri: redirectUri,
+            }, {
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+            });
+            return this.parseTokenResponse(response.data);
+        }
+        catch (error) {
+            if (isAxiosError(error)) {
+                throw new AuthenticationError(error.response?.data?.error_description ?? 'Failed to exchange code for token', error.response?.data?.error);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Initiates the authorization flow by generating PKCE parameters and building the authorization URL.
+     * The code_verifier is generated and stored internally by the service.
+     * @param redirectUri The redirect URI where authorization codes will be received.
+     * @returns Authorization context containing the URL and state for CSRF protection.
+     */
+    initiateAuthorization(redirectUri) {
+        const codeVerifier = this.generateCodeVerifier();
+        const state = this.generateState();
+        const codeChallenge = this.generateCodeChallenge(codeVerifier);
+        // Store the code_verifier mapped to the state for later retrieval
+        this.verifierStore.set(state, codeVerifier);
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+            redirect_uri: redirectUri,
+            response_type: 'code',
+            scope: this.config.scopes.join(' '),
+            state,
+        });
+        const authUrl = `${this.config.authorizationUrl}?${params.toString()}`;
+        return { authUrl, state };
+    }
+    async refreshToken(refreshToken) {
+        try {
+            const response = await axios.post(this.config.tokenUrl, {
+                client_id: this.config.clientId,
+                // client_secret is undefined for public clients using PKCE.
+                client_secret: this.config.clientSecret,
+                grant_type: 'refresh_token',
+                refresh_token: refreshToken,
+            });
+            return this.parseTokenResponse(response.data);
+        }
+        catch (error) {
+            if (isAxiosError(error)) {
+                throw new AuthenticationError(error.response?.data?.error_description ?? 'Failed to refresh token', error.response?.data?.error);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Generates a code challenge from a code verifier using SHA-256 and base64url encoding.
+     * @param codeVerifier The code verifier.
+     * @returns The code challenge.
+     */
+    generateCodeChallenge(codeVerifier) {
+        return crypto.createHash('sha256').update(codeVerifier).digest('base64url');
+    }
+    /**
+     * Generates a cryptographically secure code verifier for PKCE.
+     * @returns A random code verifier string.
+     */
+    generateCodeVerifier() {
+        return crypto.randomBytes(32).toString('base64url');
+    }
+    /**
+     * Generates a cryptographically secure state parameter for CSRF protection.
+     * @returns A random state string.
+     */
+    generateState() {
+        return crypto.randomBytes(16).toString('base64url');
+    }
+    /**
+     * Parses the token response from the OAuth server.
+     * @param data The response data from the OAuth server.
+     * @returns The parsed OAuthTokenData (without user information).
+     */
+    parseTokenResponse(data) {
+        const expiresAt = new Date(Date.now() + data.expires_in * 1000);
+        return new OAuthTokenData(data.access_token, expiresAt, data.refresh_token, data.session_key, data.token_type);
+    }
+}

package/dist/infra/auth/oidc-discovery-service.d.ts

@@ -0,0 +1,51 @@
+import { IOidcDiscoveryService, OidcMetadata } from '../../core/interfaces/i-oidc-discovery-service.js';
+/**
+ * OIDC discovery service implementation.
+ * Fetches OIDC configuration from the well-known endpoint with in-memory caching.
+ */
+export declare class OidcDiscoveryService implements IOidcDiscoveryService {
+    private readonly cache;
+    private readonly cacheTtlMs;
+    private readonly maxRetries;
+    private readonly retryDelayMs;
+    private readonly timeoutMs;
+    /**
+     * Creates a new OIDC discovery service.
+     * @param cacheTtlMs Cache TTL in milliseconds (default: 1 hour)
+     * @param timeoutMs Request timeout in milliseconds (default: 5 seconds)
+     * @param maxRetries Maximum number of retry attempts (default: 3)
+     * @param retryDelayMs Base delay between retries in milliseconds (default: 1 second)
+     */
+    constructor(cacheTtlMs?: number, timeoutMs?: number, maxRetries?: number, retryDelayMs?: number);
+    discover(issuerUrl: string): Promise<OidcMetadata>;
+    /**
+     * Fetches OIDC metadata from the well-known endpoint with retry logic.
+     * @param issuerUrl The base URL of the OIDC issuer.
+     * @returns The OIDC metadata.
+     */
+    private fetchMetadata;
+    /**
+     * Fetches OIDC metadata from the well-known endpoint (single attempt).
+     * @param issuerUrl The base URL of the OIDC issuer.
+     * @param attempt Current attempt number.
+     * @returns The OIDC metadata.
+     */
+    private fetchMetadataOnce;
+    /**
+     * Gets metadata from cache if available and not expired.
+     * @param issuerUrl The issuer URL.
+     * @returns The cached metadata or undefined.
+     */
+    private getFromCache;
+    /**
+     * Sleep for a specified duration.
+     * @param ms Milliseconds to sleep.
+     */
+    private sleep;
+    /**
+     * Stores metadata in cache.
+     * @param issuerUrl The issuer URL.
+     * @param metadata The metadata to cache.
+     */
+    private storeInCache;
+}

package/dist/infra/auth/oidc-discovery-service.js

@@ -0,0 +1,145 @@
+import axios, { isAxiosError } from 'axios';
+import { DiscoveryError, DiscoveryNetworkError, DiscoveryTimeoutError } from '../../core/domain/errors/discovery-error.js';
+/**
+ * OIDC discovery service implementation.
+ * Fetches OIDC configuration from the well-known endpoint with in-memory caching.
+ */
+export class OidcDiscoveryService {
+    cache = new Map();
+    cacheTtlMs;
+    maxRetries;
+    retryDelayMs;
+    timeoutMs;
+    /**
+     * Creates a new OIDC discovery service.
+     * @param cacheTtlMs Cache TTL in milliseconds (default: 1 hour)
+     * @param timeoutMs Request timeout in milliseconds (default: 5 seconds)
+     * @param maxRetries Maximum number of retry attempts (default: 3)
+     * @param retryDelayMs Base delay between retries in milliseconds (default: 1 second)
+     */
+    constructor(cacheTtlMs = 3_600_000, timeoutMs = 5000, maxRetries = 3, retryDelayMs = 1000) {
+        this.cacheTtlMs = cacheTtlMs;
+        this.maxRetries = maxRetries;
+        this.retryDelayMs = retryDelayMs;
+        this.timeoutMs = timeoutMs;
+    }
+    async discover(issuerUrl) {
+        // Check cache first
+        const cached = this.getFromCache(issuerUrl);
+        if (cached) {
+            return cached;
+        }
+        // Fetch from discovery endpoint
+        const metadata = await this.fetchMetadata(issuerUrl);
+        // Store in cache
+        this.storeInCache(issuerUrl, metadata);
+        return metadata;
+    }
+    /**
+     * Fetches OIDC metadata from the well-known endpoint with retry logic.
+     * @param issuerUrl The base URL of the OIDC issuer.
+     * @returns The OIDC metadata.
+     */
+    async fetchMetadata(issuerUrl) {
+        let lastError;
+        for (let attempt = 1; attempt <= this.maxRetries; attempt++) {
+            try {
+                // eslint-disable-next-line no-await-in-loop
+                return await this.fetchMetadataOnce(issuerUrl, attempt);
+            }
+            catch (error) {
+                lastError = error;
+                // Don't retry on non-retryable errors
+                if (error instanceof DiscoveryError && !(error instanceof DiscoveryNetworkError)) {
+                    throw error;
+                }
+                // Don't retry if this was the last attempt
+                if (attempt >= this.maxRetries) {
+                    break;
+                }
+                // Wait before retrying (exponential backoff)
+                const delay = this.retryDelayMs * 2 ** (attempt - 1);
+                // eslint-disable-next-line no-await-in-loop
+                await this.sleep(delay);
+            }
+        }
+        // All retries exhausted
+        throw new DiscoveryError(`Failed to discover OIDC configuration after ${this.maxRetries} attempts: ${lastError?.message}`, issuerUrl, this.maxRetries);
+    }
+    /**
+     * Fetches OIDC metadata from the well-known endpoint (single attempt).
+     * @param issuerUrl The base URL of the OIDC issuer.
+     * @param attempt Current attempt number.
+     * @returns The OIDC metadata.
+     */
+    async fetchMetadataOnce(issuerUrl, attempt) {
+        try {
+            const wellKnownUrl = `${issuerUrl}/.well-known/openid-configuration`;
+            const response = await axios.get(wellKnownUrl, {
+                timeout: this.timeoutMs,
+            });
+            // Validate required fields
+            if (!response.data.authorization_endpoint || !response.data.token_endpoint) {
+                throw new DiscoveryError('Invalid OIDC discovery document: missing required endpoints', issuerUrl, attempt);
+            }
+            return {
+                authorizationEndpoint: response.data.authorization_endpoint,
+                issuer: response.data.issuer,
+                scopesSupported: response.data.scopes_supported,
+                tokenEndpoint: response.data.token_endpoint,
+            };
+        }
+        catch (error) {
+            if (isAxiosError(error)) {
+                // Timeout error
+                if (error.code === 'ECONNABORTED' || error.code === 'ETIMEDOUT') {
+                    throw new DiscoveryTimeoutError(issuerUrl, this.timeoutMs, attempt);
+                }
+                // Network errors (retryable)
+                if (error.code === 'ENOTFOUND' || error.code === 'ECONNREFUSED' || !error.response) {
+                    throw new DiscoveryNetworkError(issuerUrl, error, attempt);
+                }
+                // HTTP errors (non-retryable)
+                throw new DiscoveryError(`HTTP ${error.response?.status}: ${error.response?.statusText || error.message}`, issuerUrl, attempt);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Gets metadata from cache if available and not expired.
+     * @param issuerUrl The issuer URL.
+     * @returns The cached metadata or undefined.
+     */
+    getFromCache(issuerUrl) {
+        const entry = this.cache.get(issuerUrl);
+        if (!entry) {
+            return undefined;
+        }
+        // Check if expired
+        if (Date.now() > entry.expiresAt) {
+            this.cache.delete(issuerUrl);
+            return undefined;
+        }
+        return entry.metadata;
+    }
+    /**
+     * Sleep for a specified duration.
+     * @param ms Milliseconds to sleep.
+     */
+    async sleep(ms) {
+        return new Promise((resolve) => {
+            setTimeout(resolve, ms);
+        });
+    }
+    /**
+     * Stores metadata in cache.
+     * @param issuerUrl The issuer URL.
+     * @param metadata The metadata to cache.
+     */
+    storeInCache(issuerUrl, metadata) {
+        this.cache.set(issuerUrl, {
+            expiresAt: Date.now() + this.cacheTtlMs,
+            metadata,
+        });
+    }
+}

package/dist/infra/browser/system-browser-launcher.d.ts

@@ -0,0 +1,10 @@
+import open from 'open';
+import type { IBrowserLauncher } from '../../core/interfaces/i-browser-launcher.js';
+/**
+ * Browser launcher implementation that opens URLs in the system's default browser.
+ */
+export declare class SystemBrowserLauncher implements IBrowserLauncher {
+    private readonly openFn;
+    constructor(openFn?: typeof open);
+    open(url: string): Promise<void>;
+}

package/dist/infra/browser/system-browser-launcher.js

@@ -0,0 +1,18 @@
+import open from 'open';
+/**
+ * Browser launcher implementation that opens URLs in the system's default browser.
+ */
+export class SystemBrowserLauncher {
+    openFn;
+    constructor(openFn = open) {
+        this.openFn = openFn;
+    }
+    async open(url) {
+        try {
+            await this.openFn(url);
+        }
+        catch (error) {
+            throw new Error(`Failed to launch browser: ${error}`);
+        }
+    }
+}

package/dist/infra/config/file-config-store.d.ts

@@ -0,0 +1,21 @@
+import type { IProjectConfigStore } from '../../core/interfaces/i-project-config-store.js';
+import { BrConfig } from '../../core/domain/entities/br-config.js';
+/**
+ * File-based implementation of IProjectConfigStore.
+ * Stores configuration in .br/config.json in the project directory.
+ */
+export declare class ProjectConfigStore implements IProjectConfigStore {
+    private static readonly BR_DIR;
+    private static readonly CONFIG_FILE;
+    exists(directory?: string): Promise<boolean>;
+    read(directory?: string): Promise<BrConfig | undefined>;
+    write(config: BrConfig, directory?: string): Promise<void>;
+    /**
+     * Gets the full path to the .br directory.
+     */
+    private getBrDirPath;
+    /**
+     * Gets the full path to the config.json file.
+     */
+    private getConfigPath;
+}

package/dist/infra/config/file-config-store.js

@@ -0,0 +1,57 @@
+import { existsSync } from 'node:fs';
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { BrConfig } from '../../core/domain/entities/br-config.js';
+/**
+ * File-based implementation of IProjectConfigStore.
+ * Stores configuration in .br/config.json in the project directory.
+ */
+export class ProjectConfigStore {
+    static BR_DIR = '.br';
+    static CONFIG_FILE = 'config.json';
+    async exists(directory) {
+        const configPath = this.getConfigPath(directory);
+        return existsSync(configPath);
+    }
+    async read(directory) {
+        const configPath = this.getConfigPath(directory);
+        if (!existsSync(configPath)) {
+            return undefined;
+        }
+        try {
+            const content = await readFile(configPath, 'utf8');
+            const json = JSON.parse(content);
+            return BrConfig.fromJson(json);
+        }
+        catch (error) {
+            throw new Error(`Failed to read config from ${configPath}: ${error.message}`);
+        }
+    }
+    async write(config, directory) {
+        const brDirPath = this.getBrDirPath(directory);
+        const configPath = this.getConfigPath(directory);
+        try {
+            // Create .br directory if it doesn't exist
+            await mkdir(brDirPath, { recursive: true });
+            // Write config.json
+            const content = JSON.stringify(config.toJson(), undefined, 2);
+            await writeFile(configPath, content, 'utf8');
+        }
+        catch (error) {
+            throw new Error(`Failed to write config to ${configPath}: ${error.message}`);
+        }
+    }
+    /**
+     * Gets the full path to the .br directory.
+     */
+    getBrDirPath(directory) {
+        const baseDir = directory ?? process.cwd();
+        return join(baseDir, ProjectConfigStore.BR_DIR);
+    }
+    /**
+     * Gets the full path to the config.json file.
+     */
+    getConfigPath(directory) {
+        return join(this.getBrDirPath(directory), ProjectConfigStore.CONFIG_FILE);
+    }
+}

package/dist/infra/file/fs-file-service.d.ts

@@ -0,0 +1,28 @@
+import { type IFileService, type WriteMode } from '../../core/interfaces/i-file-service.js';
+/**
+ * File service implementation using Node.js fs module.
+ */
+export declare class FsFileService implements IFileService {
+    /**
+     * Checks if a file exists at the specified path.
+     *
+     * @param filePath The path to the file to check.
+     * @returns A promise that resolves with `true` if the file exists, `false` otherwise.
+     */
+    exists(filePath: string): Promise<boolean>;
+    /**
+     * Reads content from the specified file.
+     *
+     * @param filePath The path to the file to read from.
+     * @returns A promise that resolves with the content of the file.
+     */
+    read(filePath: string): Promise<string>;
+    /**
+     * Writes content to the specified file.
+     * @param content The content to write.
+     * @param filePath The path to the file to write to.
+     * @param mode The mode to write the content in ('append' or 'overwrite').
+     * @returns A promise that resolves when the content has been written.
+     */
+    write(content: string, filePath: string, mode: WriteMode): Promise<void>;
+}

package/dist/infra/file/fs-file-service.js

@@ -0,0 +1,57 @@
+import { access, appendFile, mkdir, readFile, writeFile } from 'node:fs/promises';
+import { dirname } from 'node:path';
+/**
+ * File service implementation using Node.js fs module.
+ */
+export class FsFileService {
+    /**
+     * Checks if a file exists at the specified path.
+     *
+     * @param filePath The path to the file to check.
+     * @returns A promise that resolves with `true` if the file exists, `false` otherwise.
+     */
+    async exists(filePath) {
+        try {
+            await access(filePath);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Reads content from the specified file.
+     *
+     * @param filePath The path to the file to read from.
+     * @returns A promise that resolves with the content of the file.
+     */
+    async read(filePath) {
+        try {
+            return await readFile(filePath, 'utf8');
+        }
+        catch (error) {
+            throw new Error(`Failed to read content from file '${filePath}': ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Writes content to the specified file.
+     * @param content The content to write.
+     * @param filePath The path to the file to write to.
+     * @param mode The mode to write the content in ('append' or 'overwrite').
+     * @returns A promise that resolves when the content has been written.
+     */
+    async write(content, filePath, mode) {
+        try {
+            // Ensure directory exists
+            const directory = dirname(filePath);
+            await mkdir(directory, { recursive: true });
+            // Write writeOperation
+            const writeOperation = mode === 'append' ? appendFile(filePath, content, 'utf8') : writeFile(filePath, content, 'utf8');
+            // Execute writeOperation
+            await writeOperation;
+        }
+        catch (error) {
+            throw new Error(`Failed to ${mode} content to file '${filePath}': ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+}

package/dist/infra/http/authenticated-http-client.d.ts

@@ -0,0 +1,46 @@
+import type { HttpRequestConfig, IHttpClient } from '../../core/interfaces/i-http-client.js';
+/**
+ * HTTP client implementation that automatically adds authentication headers to all requests.
+ *
+ * This client wraps axios and automatically includes:
+ * - Authorization: Bearer {accessToken}
+ * - x-byterover-session-id: {sessionKey}
+ *
+ * Usage:
+ * ```typescript
+ * const client = new AuthenticatedHttpClient(accessToken, sessionKey)
+ * const data = await client.get<ResponseType>('https://api.example.com/endpoint')
+ * ```
+ */
+export declare class AuthenticatedHttpClient implements IHttpClient {
+    private readonly accessToken;
+    private readonly sessionKey;
+    constructor(accessToken: string, sessionKey: string);
+    /**
+     * Performs an HTTP GET request with authentication headers.
+     * @param url The URL to request
+     * @param config Optional request configuration (headers, timeout)
+     * @returns A promise that resolves to the response data
+     * @throws Error if the request fails
+     */
+    get<T>(url: string, config?: HttpRequestConfig): Promise<T>;
+    /**
+     * Performs an HTTP POST request with authentication headers.
+     * @param url The URL to request
+     * @param data The data to send in the request body
+     * @param config Optional request configuration (headers, timeout)
+     * @returns A promise that resolves to the response data
+     * @throws Error if the request fails
+     */
+    post<TResponse, TData = unknown>(url: string, data?: TData, config?: HttpRequestConfig): Promise<TResponse>;
+    /**
+     * Builds request headers by merging authentication headers with custom headers.
+     * Custom headers take precedence over default headers.
+     */
+    private buildHeaders;
+    /**
+     * Transforms axios errors into generic Error instances.
+     * Preserves error information while abstracting axios-specific details.
+     */
+    private handleError;
+}